A stored Cross Site Scripting (XSS) vulnerability in Esri...
Moderate severity
Unreviewed
Published
Dec 8, 2021
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Dec 7, 2021
Published to the GitHub Advisory Database
Dec 8, 2021
Last updated
Feb 1, 2023
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
References